Smithy is a protocol-agnostic interface definition language and set of tools for generating clients, servers, and documentation for any programming language.
Smithy's @cors trait does not give you access to change the passThroughBehavior and sets the $options.x-amazon-apigateway-integration.passThroughBehavior as when_no_match for all resource paths in the openapi definition. That means if the site uses CORS and submits an OPTION request with application/x-www-form-urlencoded Content-Type, then API Gateway might reject the response with a 500 if the request payload does not happen to be:
{"statusCode":200}
We won't want to reject with a 415 Unsupported by overriding the passthroughBehavior to never through jsonSchema injection. That skips calling the actual GET/PUT/.. operation and is a better choice if we need to reject specific Content-Type(s) or provide extra gateway template configurations.
We can add the {"statusCode":200} request template for all unique mime-type(s) supported by each operations within a path. That way we won't get inadvertent API Gateway errors with OPTIONS operation and the request can move to GET/PUT/... integration.
Issue
Smithy's @cors trait does not give you access to change the passThroughBehavior and sets the
$options.x-amazon-apigateway-integration.passThroughBehavior
as when_no_match for all resource paths in the openapi definition. That means if the site uses CORS and submits an OPTION request withapplication/x-www-form-urlencoded
Content-Type, then API Gateway might reject the response with a 500 if the request payload does not happen to be:We won't want to reject with a 415 Unsupported by overriding the passthroughBehavior to
never
through jsonSchema injection. That skips calling the actual GET/PUT/.. operation and is a better choice if we need to reject specific Content-Type(s) or provide extra gateway template configurations.Source code: https://github.com/smithy-lang/smithy/blob/main/smithy-aws-apigateway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddCorsPreflightIntegration.java#L225-L230
Potential Fixes
We can add the
{"statusCode":200}
request template for all unique mime-type(s) supported by each operations within a path. That way we won't get inadvertent API Gateway errors with OPTIONS operation and the request can move to GET/PUT/... integration.